In the past few months, numerous media reports have described ransomware attacks, in which an organization’s network is taken hostage by cybercriminals demanding substantial ransom payments.

Such attacks have jeopardized the affected organizations’ ability to provide critical services to the communities and regions they serve. As a major research enterprise and health system, UTMB does not want to be one of these statistics.

To minimize the risk to UTMB’s mission from ransomware attacks and other cyberthreats such as phishing, I have directed Information Technology Services and our Information Security team to fortify our cyberdefenses.  

The following enhancements are currently underway:

1. A security operations center has been established to continuously monitor for and respond to unauthorized intrusion attempts, phishing attacks and other types of harmful activity.
2. Technology is being deployed to ensure only authorized and secure devices connect to our network.
3. Controls are being developed to restrict access to unsecure or unauthorized cloud applications and to malicious or business-inappropriate websites.
4. Information Systems Security Administrators have been appointed to each department that supports and maintains information technology. These administrators are accountable for all aspects of cybersecurity as it relates to the resources and processes they support.
5. We are expanding our efforts to build awareness of cybersecurity. Watch for more information in Relay Notes and on iUTMB soon.
6. We continue to conduct testing to ensure that our processes and technology are effective controls and to ensure our people are complying with existing standards and can identify suspicious emails and activity.
   

These and other enhancements to our program will have minimal impact on your day-to day-activities.

As an individual, you can help by:

• being aware that cyberthreats are a significant risk for all academic medical centers, including UTMB;
• understanding that phishing attacks are growing ever more sophisticated, with emails that can look legitimate at first glance;
• being wary of emails, links and attachments that are unexpected, unsolicited or otherwise suspicious;
• not downloading unauthorized software via UTMB’s network to your UTMB device; and
• reporting any suspicious emails or downloads to our Information Security team at cirt@utmb.edu.
  

Together, behind-the-scenes controls and individual actions will significantly reduce cybersecurity risks to UTMB’s mission.

Thank you for your help and stay tuned for more information. 

Ben G. Raimer, MD, MA, FAAP

President ad interim